In this article, we will guide you through enabling Multi-Factor Authentication (MFA) for Web Users in BigChange and managing IP settings. These security measures ensure that only authorised users can access your system.
What is Multi-Factor Authentication (MFA)?
MFA is an additional layer of security used to verify a user's identity. It requires users to provide two or more verification factors to gain access to an application, such as BigChange. With MFA enabled, a user must enter an authentication code generated by an authenticator app (such as Google Authenticator) on a separate device (such as a smartphone), in addition to their BigChange login details.
Enabling MFA for All Web Users
To enforce MFA for all web users, follow these steps:
- Log in to BigChange as a System Administrator.
- From the top navigation menu, select the "Account Settings" icon followed by "Settings".
- You can either select "General Account Settings" via the quick links menu, or select "Account" and then "Account Settings" from the side menu on the left.
- In the search box, type "multi" to locate the MFA setting under the "Security" section.
- Tick "Yes" to enable MFA for all users.
Once enabled, any user logging into your BigChange system will be prompted to set up MFA.
Setting Up MFA as an Individual Web User for the First Time
When MFA is enabled, Web Users will need to set it up during their next login. This is a one-time setup. To do this, follow these steps:
- Log in to BigChange.
- You will be redirected to your profile page and prompted to scan a QR code (using another device, such as a smartphone).
- Use a third-party authenticator app (such as Google Authenticator or Microsoft Authenticator) to scan the QR code.
- The app will save BigChange (JobWatch) as an MFA code.
- Once you have confirmed a code is being generated by the authenticator app, select "Save".
Please do not share your QR code with other web users, as it will not work for them.
From now on, you will be prompted to enter a new code from the authenticator app each time you log in.
Resetting MFA for a Web User
If a Web User needs to reset their MFA, a System Administrator can do this on their behalf by following these steps:
- Log in to BigChange as a System Administrator.
- From the top navigation menu, select the "Account Settings" icon followed by "Settings".
- Select "Web Users" from the side menu on the left.
- Select "Add and Edit" and search for the user.
- Select the relevant Web User and select "Reset Multi-Factor Authentication".
- Confirm the reset.
The next time the Web User logs in, they will be prompted to set up MFA again by scanning a new QR code.
Setting IP Restrictions for Web Users
Setting IP restrictions allows you to limit Web User access to your BigChange system to specific IP addresses. This is useful for ensuring that users can only log in from trusted locations.
Only one IP address can be entered into BigChange per Web User, which restricts that Web User to logging in only from the location associated with that IP address.
Do not impose IP restrictions on Web Users if you use dynamic IP addresses.
Setting IP Restrictions for Individual Web Users:
- Log in to BigChange as a System Administrator.
- From the top navigation menu, select the "Account Settings" icon followed by "Settings".
- Go to "Web Users" and select "Add and Edit."
- Search for the relevant Web User and select "Edit."
- Locate the "IP Restriction" field.
- Enter the full IP address (of your trusted location) and select "Save."
- Once saved, BigChange will block any login attempts from IP addresses other than the specified one.
Whitelisting IP Addresses
Whitelisting IP addresses allows users to bypass MFA when logging in from trusted locations, such as your office.
To add whitelisted IP addresses to BigChange, follow these steps:
- Log in as a System Administrator.
- From the top navigation menu, select the "Account Settings" icon followed by "Settings".
- From the side menu, select "Account", followed by "Whitelisted IP Addresses".
- Add the IP addresses you want to whitelist.
Hint
To help you manage whitelisted IP addresses, you can add a name, description, and expiry date for each IP address.
This will allow users to log in without MFA from the whitelisted IP addresses.
Best Practices for MFA and IP Restrictions
To ensure maximum security, we recommend the following best practices:
- Enable MFA for all Web Users.
- Whitelist IP addresses only for trusted locations.
- Use IP restrictions for users who only need access from specific locations.
Conclusion
By following these steps, you can effectively manage IP restrictions and MFA for Web Users in BigChange. This will enhance the security of your system and ensure that only authorised users can access it.